From 04b0f3255fc2c9e275ac93eeb29c37f6465a3992 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Tue, 5 Sep 2017 19:03:54 -0400 Subject: tests: Add sysctl --- nixos/tests/sysctl.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 nixos/tests/sysctl.nix (limited to 'nixos/tests') diff --git a/nixos/tests/sysctl.nix b/nixos/tests/sysctl.nix new file mode 100644 index 000000000000..d7220cabb22c --- /dev/null +++ b/nixos/tests/sysctl.nix @@ -0,0 +1,25 @@ +import ./make-test.nix ({ pkgs, ...} : { + name = "sysctl"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nequissimus ]; + }; + + machine = { config, lib, pkgs, ... }: + { + boot.kernelPackages = pkgs.linuxPackages; + boot.kernel.sysctl = { + "kernel.dmesg_restrict" = true; # Restrict dmesg access + "net.core.bpf_jit_enable" = false; # Turn off bpf JIT + "user.max_user_namespaces" = 0; # Disable user namespaces + "vm.swappiness" = 2; # Low swap usage + }; + }; + + testScript = + '' + $machine->succeed("sysctl kernel.dmesg_restrict | grep 'kernel.dmesg_restrict = 1'"); + $machine->succeed("sysctl net.core.bpf_jit_enable | grep 'net.core.bpf_jit_enable = 0'"); + $machine->succeed("sysctl user.max_user_namespaces | grep 'user.max_user_namespaces = 0'"); + $machine->succeed("sysctl vm.swappiness | grep 'vm.swappiness = 2'"); + ''; +}) -- cgit 1.4.1 From 3e2975e892527fe45e4f574401cb7d19eb9542a6 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Tue, 5 Sep 2017 19:04:43 -0400 Subject: tests: Add kernelParams --- nixos/release-combined.nix | 1 + nixos/release.nix | 1 + nixos/tests/kernel-params.nix | 24 ++++++++++++++++++++++++ 3 files changed, 26 insertions(+) create mode 100644 nixos/tests/kernel-params.nix (limited to 'nixos/tests') diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index 30f5f96dc505..f820c0408017 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -93,6 +93,7 @@ in rec { (all nixos.tests.plasma5) (all nixos.tests.kernel-latest) (all nixos.tests.kernel-lts) + (all nixos.tests.kernel-params) #(all nixos.tests.lightdm) (all nixos.tests.login) (all nixos.tests.misc) diff --git a/nixos/release.nix b/nixos/release.nix index c557349a3264..6348c2f15d4c 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -264,6 +264,7 @@ in rec { tests.kernel-copperhead = tests/kernel-copperhead.nix {}; tests.kernel-latest = tests/kernel-latest.nix {}; tests.kernel-lts = tests/kernel-lts.nix {}; + tests.kernel-params = tests/kernel-params.nix {}; tests.keystone = callTest tests/keystone.nix {}; tests.kubernetes = hydraJob (import tests/kubernetes.nix { system = "x86_64-linux"; }); tests.latestKernel.login = callTest tests/login.nix { latestKernel = true; }; diff --git a/nixos/tests/kernel-params.nix b/nixos/tests/kernel-params.nix new file mode 100644 index 000000000000..14a393356911 --- /dev/null +++ b/nixos/tests/kernel-params.nix @@ -0,0 +1,24 @@ +import ./make-test.nix ({ pkgs, ...} : { + name = "kernel-params"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nequissimus ]; + }; + + machine = { config, lib, pkgs, ... }: + { + boot.kernelPackages = pkgs.linuxPackages; + boot.kernelParams = [ + "nohibernate" + "page_poison=1" + "vsyscall=none" + ]; + }; + + testScript = + '' + $machine->fail("cat /proc/cmdline | grep page_poison=0"); + $machine->succeed("cat /proc/cmdline | grep nohibernate"); + $machine->succeed("cat /proc/cmdline | grep page_poison=1"); + $machine->succeed("cat /proc/cmdline | grep vsyscall=none"); + ''; +}) -- cgit 1.4.1 From b4ccef2163d07e5f35bc802c357d2d2167409a3a Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Tue, 5 Sep 2017 19:05:37 -0400 Subject: tests: Add environment --- nixos/release-combined.nix | 1 + nixos/release.nix | 1 + nixos/tests/env.nix | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 37 insertions(+) create mode 100644 nixos/tests/env.nix (limited to 'nixos/tests') diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index f820c0408017..4cc140ebb155 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -82,6 +82,7 @@ in rec { (all nixos.tests.boot-stage1) nixos.tests.hibernate.x86_64-linux # i686 is flaky, see #23107 (all nixos.tests.ecryptfs) + (all nixos.tests.env) (all nixos.tests.ipv6) (all nixos.tests.i3wm) (all nixos.tests.keymap.azerty) diff --git a/nixos/release.nix b/nixos/release.nix index 6348c2f15d4c..bad9cfe6c7e9 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -240,6 +240,7 @@ in rec { tests.ec2-nixops = hydraJob (import tests/ec2.nix { system = "x86_64-linux"; }).boot-ec2-nixops; tests.ec2-config = hydraJob (import tests/ec2.nix { system = "x86_64-linux"; }).boot-ec2-config; tests.elk = callTest tests/elk.nix {}; + tests.env = callTest tests/env.nix {}; tests.ferm = callTest tests/ferm.nix {}; tests.firefox = callTest tests/firefox.nix {}; tests.firewall = callTest tests/firewall.nix {}; diff --git a/nixos/tests/env.nix b/nixos/tests/env.nix new file mode 100644 index 000000000000..c6b0424e97b9 --- /dev/null +++ b/nixos/tests/env.nix @@ -0,0 +1,35 @@ +import ./make-test.nix ({ pkgs, ...} : { + name = "environment"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nequissimus ]; + }; + + machine = { config, lib, pkgs, ... }: + { + boot.kernelPackages = pkgs.linuxPackages; + environment.etc."plainFile".text = '' + Hello World + ''; + environment.etc."folder/with/file".text = '' + Foo Bar! + ''; + + environment.sessionVariables = { + TERMINFO_DIRS = "/run/current-system/sw/share/terminfo"; + NIXCON = "awesome"; + }; + }; + + testScript = + '' + $machine->succeed('[ -L "/etc/plainFile" ]'); + $machine->succeed('cat "/etc/plainFile" | grep "Hello World"'); + $machine->succeed('[ -d "/etc/folder" ]'); + $machine->succeed('[ -d "/etc/folder/with" ]'); + $machine->succeed('[ -L "/etc/folder/with/file" ]'); + $machine->succeed('cat "/etc/plainFile" | grep "Hello World"'); + + $machine->succeed('echo ''${TERMINFO_DIRS} | grep "/run/current-system/sw/share/terminfo"'); + $machine->succeed('echo ''${NIXCON} | grep "awesome"'); + ''; +}) -- cgit 1.4.1